Advice Request Giving Linux a try

Please provide comments and solutions that are helpful to the author of this topic.

bellgamin

Level 4
Thread author
Verified
Well-known
Oct 11, 2016
160
it possible to install linux in UEFI mode?
I do not know. Other than activating Zorin's built-in firewall, I see no need to mess with such stuff as UEFI because of: 1-Linux's innate security and 2-Timeshift.

Sorry. Hopefully, others will reply to your question.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
So I went from Mint to Fedora weeks ago and I like it even better than Mint.
May I ask why you like Fedora so much?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thank you very much! Do you know of any good on-demand scanners?
ClamTk is an on-demand scanner for Linux. As far as I can tell, it's strictly signature based.

Clam updates signatures frequently. I used it for a while but stopped when I got over the last bit of my paranoia from long years of using Windows & having layers of real-time security, frequent patches, etc.

BTW -- ClamTK is on Zorin's "ready to install" software list. For other Distros, just Google "clam for linux" -- without the quotes.
 
Last edited:

wat0114

Level 13
Verified
Top Poster
Well-known
Apr 5, 2021
621
Thank you very much! Do you know of any good on-demand scanners?(y)
For Linux, I don't know of any, probably because I don't ever use anti-malware scanners on linux.

BTW, this is how I boot into linux on my MX-21/Windows 11 laptop using my MX-21 pendrive:


Most people won't like this, but it only takes a few seconds longer to boot to Linux, but without the need to disable Secure boot.
 

piquiteco

Level 14
Verified
Top Poster
Well-known
Oct 16, 2022
624
Most people won't like this, but it only takes a few seconds longer to boot to Linux, but without the need to disable Secure boot.
Thank you very much! Excellent tip! I talk about anti-malware scanner on demand for Windows same as Norton Power Eraser. I didn't want to talk because I am investigating I think I was compromised, they tried to access my google account yesterday, I got the notification from google this morning. 😔
 
  • Sad
  • Wow
Reactions: kylprq and plat

piquiteco

Level 14
Verified
Top Poster
Well-known
Oct 16, 2022
624
1685493755826.png

😔
 

Brahman

Level 18
Verified
Top Poster
Well-known
Aug 22, 2013
892
Zorin, Ubuntu, and a few other distros support secure boot, but apparently it could cause problems with some graphics and network cards because of a requirement for Windows signed keys in the firmware.
The issue is only with Nvidia proprietary drivers and that too in distros which do not support closed source drivers ( like fedora, they do not ship closed source drivers but fedora comes with open source Nvidia driver). Closed source drivers can be installed on distros that support secure boot by creating your own MOK key and inserting it in shim, some distros does this automatically like ubuntu and opensuse, for fedora you can follow this guide.

it possible to install linux in UEFI mode?
All linux distros support UEFI mode and you can install all of then in a uefi system. But If you are asking does linux distros support secure boot, then its a different answer.
currently Ubuntu, Fedora, Linux mint, Redhat, Opensuse, Centos, Debian, Zorinos, Vanilla os, Mx Linux are some of the distros which ship with Microsoft signed shim and provide proper secure boot. With Arch and its derivatives you can sign the shim with the key you generate in your system and later you can insert the key in uefi bios MOK , its a tedious process.

If anyone can give me some pointers on configuring & using Wine, PLEASE do so.
this is much better than wine...
 
Last edited:

piquiteco

Level 14
Verified
Top Poster
Well-known
Oct 16, 2022
624
Not sure if that is a legitimate breach, but probably you should at least change your google password as an initial step.
That was the first thing I did, in fact google asked me to change the password immediately as soon as I logged into my account. Then I removed all connected devices. I revoked the MFA and reactivated the 2FA with new seed. I think it was some malicious extension or it was compromised by some hacker who must have injected it into the developer's source code just don't know what it is. My computer is clean no scanner like Norton Power Eraser, Kaspersky KVRT, ESET online Scanner, EEK found nothing suspicious or malicious. This is a lesson and a warning to other users like me who keep installing too many extensions on their browsers and this goes to @HarborFront I will write in CAPITAL letters DO NOT IN ANY WAY INSTALL UNNECESSARY EXTENSIONS OR IF POSSIBLE NONE on your browsers if you have annoying ads use adguard desktop, nextdns, Pi-hole or at least uBlock Origin nothing else. The extension or whatever rogue app tried to steal my saved session through cookies, but they couldn't. According to google as soon as they logged in access was blocked when they noticed suspicious activity and everything was reset. I had to recover my account and confirm my identity. I already formatted my machine, but created a backup image for me to investigate later and find out what happened, I will restore on a VM and go deep until I find out what happened. After this incident I will clean up and remove all extensions that I do not use. 😔

1685510064242.png
 

Zero Knowledge

Level 20
Verified
Top Poster
Content Creator
Dec 2, 2016
869
And that's why I trust Google for security, they are pretty good warning users about attacks. Looks like someone added a security key to your account, got login access then deleted it. If I'm reading your posts right, there must be a vulnerability in Gmail on Android or desktop where you can add a security key and gain access to targeted account.

On extensions your right, only bear minimum i.e uBlock Origin.
 

piquiteco

Level 14
Verified
Top Poster
Well-known
Oct 16, 2022
624
And that's why I trust Google for security, they are pretty good warning users about attacks. Looks like someone added a security key to your account, got login access then deleted it.
I have 3 yubikey security keys, all online accounts that accept MFA for security keys I activate and use. I assume they know I have 2FA for security keys, and are weighing that I am an important person and have become the target, well I think so, very coincidental maybe.:cautious:
 
Last edited:

wat0114

Level 13
Verified
Top Poster
Well-known
Apr 5, 2021
621
All linux distros support UEFI mode and you can install all of then in a uefi system. But If you are asking does linux distros support secure boot, then its a different answer.
Yes you are right, I should have clarified, but if hardware is using UEFI firmware, then it means it's also using Secure Boot, and since Secure Boot is the roadblock for most Distros, that was why my post focused on it, rather than UEFI.
 
  • Like
Reactions: Brahman

Zero Knowledge

Level 20
Verified
Top Poster
Content Creator
Dec 2, 2016
869
I have 3 yubikey security keys, all online accounts that accept MFA for security keys I activate and use. I assume they know I have 2FA for security keys, and are weighing that I am an important person and have become the target, well I think so, very coincidental maybe.:cautious:
Well, you post on a security forum about Linux so you 'extremist ;)'!

You also have to consider they access to your computer and/or your password for Gmail is out there but without your YubiKey that would be worthless :unsure:.

Since you do have YubiKeys you also have to consider they have somehow MiTM your security key to access your account. I must read up on exploits!

Anyway, you have obviously caught the attention of someone, and you name is on a whiteboard. Intercepting YubiKey is no means feat at this stage.

One last thing you sure you didn't add a YubiKey and revoke it by yourself? Maybe fat fingered your phone in your pocket or something trivial?
 
  • Like
Reactions: piquiteco

wat0114

Level 13
Verified
Top Poster
Well-known
Apr 5, 2021
621
I will write in CAPITAL letters DO NOT IN ANY WAY INSTALL UNNECESSARY EXTENSIONS OR IF POSSIBLE NONE on your browsers if you have annoying ads use adguard desktop, nextdns, Pi-hole or at least uBlock Origin nothing else.

Absolutely best advice. This is one of the reasons I like and use Apparmor in Linux for my browsers. The profile for librewolf only allows the one addon I use, uBlock Origin, to be installed or updated, and run. As an example, if i tried to install any other addon, or if malware were to try the same, Apparmor will block it. Just for demo purposes, when I tried to install Feedbro addon:

apparmor extension block.png

The syslog entry:

Code:
apparmor="DENIED" operation="mknod" profile="/usr/share/librewolf/librewolf" name="/home/user/.librewolf/zgzvybte.default-default/extensions/staged/{a9c2ad37-e940-4892-8dce-cd73c6cbbc0c}.xpi"

If for some reason I wanted to install additional addon(s), I would have to create new Apparmor rules for them.
 

piquiteco

Level 14
Verified
Top Poster
Well-known
Oct 16, 2022
624
Well, you post on a security forum about Linux so you 'extremist ;)'!
Joking aside, I don't understand what you mean lol? :LOL:
You also have to consider they access to your computer and/or your password for Gmail is out there but without your YubiKey that would be worthless :unsure:.
Yes, but remember that my google session was saved, a malicious app, malware can steal the cookies saved in the browser, and if this happens even if your account has 2FA enabled, it will be useless in this scenario.
Since you do have YubiKeys you also have to consider they have somehow MiTM your security key to access your account. I must read up on exploits!
Yes, it is possible, nothing is 100% bulletproof.
Anyway, you have obviously caught the attention of someone, and you name is on a whiteboard. Intercepting YubiKey is no means feat at this stage.
I believe so, it leaves a question mark like this ? on the whiteboard is better, just be more aware. :)
One last thing you sure you didn't add a YubiKey and revoke it by yourself? Maybe fat fingered your phone in your pocket or something trivial?
No, my account already had YubiKey I never revoked. The curious fact that I never left my google account logged in my browser, only on my android phone. Now after this incident, I no longer leave it logged into chrome even on my computer, only once in a while I log in and let the history and bookmarks sync and then log out of the account and clear the cookies. I have been thinking that it may be MS EDGE that did this even though it is based on chromium, it was that feature that Microsoft added in EDGE to import the bookmarks, cookies from chrome every time you open Edge it always brings your chrome bookmarks, history, cookies, extensions up to date and my account was already logged into EDGE but had not logged into it, Edge automatically imported my chrome session from my google account. I believe google may have found it suspicious thinking it was a rogue app, it is a hypothesis, I don't know maybe I am wrong. I believe I will never know, what happened. I used all kinds of on demand scanners and found nothing. I even mounted the backup image and did a full scan and nothing was found. I even used autoruns, process explorer, process monitor, safe mode, safe mode with network, I went back and forth and found nothing suspicious, I assume it was not malware. :confused:
 
  • Like
Reactions: Zero Knowledge

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top